CVE-2026-40516
Published: 17 April 2026
Summary
CVE-2026-40516 is a high-severity SSRF (CWE-918) vulnerability in Hkuds Openharness. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of tool parameters like target addresses, directly preventing SSRF by rejecting manipulated inputs to private or localhost services.
SI-9 enforces restrictions on information inputs to block parameters directing requests to loopback, RFC1918, or other non-public addresses.
AC-4 enforces flow control policies that prevent unauthorized information flows from the application to internal private services exploited via SSRF.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF vuln in public-facing OpenHarness web tools allows unauthenticated remote exploitation (T1190) to query internal/localhost services, directly enabling access to cloud metadata endpoints for discovery (T1522) and credential theft (T1552.005), plus data retrieval from local HTTP services (T1005).
NVD Description
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an…
more
agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.
Deeper analysisAI
CVE-2026-40516 is a server-side request forgery (SSRF) vulnerability, mapped to CWE-918, affecting OpenHarness prior to commit bd4df81. The flaw exists in the web_fetch and web_search tools, which lack proper validation of target addresses, enabling requests to private and localhost HTTP services. Published on 2026-04-17, it carries a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).
Unauthenticated remote attackers can exploit the vulnerability by influencing an agent session to invoke the affected tools with manipulated parameters. This directs requests to loopback, RFC1918, link-local, or other non-public addresses, allowing attackers to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.
Mitigation requires updating to OpenHarness commit bd4df81 or later, as detailed in the fixing commit at https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae and pull request https://github.com/HKUDS/OpenHarness/pull/92. Further analysis is provided in the VulnCheck advisory at https://www.vulncheck.com/advisories/openharness-ssrf-via-web-fetch-and-web-search.
Details
- CWE(s)